Anna Gamvros

Head of Information governance, privacy and cybersecurity, Asia Pacific
Norton Rose Fulbright Australia

Anna Gamvros

Anna Gamvros



Anna is data and technology partner, and heads the firm's cyber risk practice for Asia Pacific. Anna's practice focuses primarily on privacy, technology and communications related issues. She advises clients on privacy and data protection; cybersecurity and breach response; telecommunications and Internet regulatory issues; technology agreements; and outsourcing transactions. She has assisted clients with Hong Kong and China based projects, as well as having a wealth of experience in multi-jurisdictional projects, particularly on implementing e-commerce and data management projects in Asia and across the globe.

Anna is co-author to Internet Law in Hong Kong published by Sweet & Maxwell and is recognized in The Legal 500 and Chambers Asia as a leading individual for her experience technology and data protection. In particularas she is described being someone who "is really able to bring her experience to bear and find pragmatic solutions" and is recognised for her experience across a number of industries, notably with retail and luxury brands.

Anna is a Fellow of Information Privacy (FIP) with the International Association of Privacy Professionals (IAPP) and holds the CIPT and CIPP/Asia certifications. She sits on the IAPP Asia Advisory Board and the Women Leading Privacy Board. She is admitted as a solicitor in Hong Kong and Queensland, Australia.

Professional experience

Expand all Collapse all
  • Solicitor, qualified in Hong Kong
  • Solicitor, qualified in Queensland, Australia
  • An Asian bank – assisted with the implementation of terms for preparation and the use of biometric authentication for its mobile app.
  • A major global financial institution – advised on a US$100 million outsourcing of its processes to the service provider facilities in China and Ireland.
  • An international hotel group – acted on contractual arrangements for the acquisition of the group's cloud data facilities.
  • A major Chinese e-commerce company – represented on the set up of its points of presence and internet data centres globally.
  • An international financial institution – assisted with the negotiation regarding renewal of its data centre contract with a leading IT company.
  • An international education provider – represented on its data hub strategy and implementation of its global privacy compliance program.
  • An international fashion brand – acted on its setup of a global e-commerce website for use in over 40 countries, including drafting and reviewing the website terms or use, privacy and cookies policy.
  • A leading cosmetic brand – advised on handling a breach incident affecting its website, including customer management and regulatory notification in 20 countries.
  • An international airline – assisted with its implementation and rollout of a global privacy compliance program for customer and employees data.
  • An international hotel group – acted on breach response and regulatory issues following a cyber-attack on its reservation booking provider, affecting its hotels in Asia, Europe and the US.
  • A luxury fashion brand – represented on the data privacy implications of the implementation of a regional CRM system.
  • Leading e-commerce platform providers – advised on its joint venture to launch an online auction marketplace in China.
  • A US software company – assisted with the build and operation of a development centre in China to accommodate the outsourcing of development, testing and support services for its products and services.
  • A US fashion retailer – advised on the set up and rollout of its Asian e-commerce platform, including the review of terms and conditions, privacy and marketing policies and providing on going assistance to use of data for targeted promotions. ​